Is getting hacked just normal?

I am a returning player from over 15 years ago that could not remember his login details so I started fresh about a month ago and signed up as a member.

I logged on today, after not logging in yesterday, and my GP was at 0, and several of my items had been sold on the Grand Exchange.

I am an adult and have never logged in on a weird site or had someone ask for my password. I've literally just had it downloaded on my MacBook and I log on there. So the idea of me compromising my own account is next to 0.

Without having this happen before, it seems from reading I am supposed to just lose my items and GP and move on? Will support track my items and give it back? I can't possibly envision spending money on this game if it can be hacked so easy and the items won't be returned.

Your underlying assertion that it's easy to get hacked is wrong. You start from a position of security by default, and your account only becomes compromised as a result of some action or mistake you made. It is, however, quite likely that you didn't realise you made it, as a lot of common scams and attack methodologies are quite mature, and effective simply because they're indistinguishable from the reall thing.

There are plenty of resources to help you protect your account - I recommend bank PIN and authenticator, the combination of which goes a significant distance to preventing a lot of common attacks. On top of this, make sure you're affording your email account as much protection as you do your Runescape (or any) account - if someone has your email compromised, they can do anything they like to recover your account, change its password, disable authenticator, etc.

Jagex don't return lost items as a result of being hacked - your account security is your responsibility. Suggest you read through this board, and some of the stickies (there's a good one in the General board), and read up a bit on common social engineering methodologies. And make good use of the various tools you have to secure your account, like MFA, bank PIN, password vault etc etc.

I appreciate the reply but have a problem with the notion that my account is 100% secure on the Jagex side and this still happened. I think that is a very easy thing to say and a harder thing to prove. I'm sure if I scoured the forums I would find other posters who have not entered their passwords anywhere else other than the game itself and have been taken advantage of. For my job, I handle very sensitive material frequently so I am well aware of how you can expose yourself to hacks and how to avoid them.

If it is the case that I am not returned my items, I am sure Jagex will just patch whatever was vulnerable in the future and no one will hear a thing.

Moneybuckssaid: Your underlying assertion that it's easy to get hacked is wrong. You start from a position of security by default, and your account only becomes compromised as a result of some action or mistake you made. It is, however, quite likely that you didn't realise you made it, as a lot of common scams and attack methodologies are quite mature, and effective simply because they're indistinguishable from the reall thing.

There are plenty of resources to help you protect your account - I recommend bank PIN and authenticator, the combination of which goes a significant distance to preventing a lot of common attacks. On top of this, make sure you're affording your email account as much protection as you do your Runescape (or any) account - if someone has your email compromised, they can do anything they like to recover your account, change its password, disable authenticator, etc.

Jagex don't return lost items as a result of being hacked - your account security is your responsibility. Suggest you read through this board, and some of the stickies (there's a good one in the General board), and read up a bit on common social engineering methodologies. And make good use of the various tools you have to secure your account, like MFA, bank PIN, password vault etc etc.

Furthermore, I just ran my monthly scan early and there are no signs of viruses, malware, key-loggers or anything of the sort. Furthermore not pointing to my end as I've never even received anything asking me to log in with this account.

Did you have a unique account name?Did you have a unique Password?Did you have Authenticator?Did you have a Bank Pin?Did you have a 2 Step Email login?Did you login to your account on anything other than your home network?Did you download any client other than RS Official Client?Did you scan your computer with Malwarebytes?Did you follow any offsite link to log into RS?

25-Jun-2019 01:39:42
- Last edited on 25-Jun-2019 01:41:50 by ToPáBaSS

Yes on unique name, and password. I did not utilize other security measures such as authenticator and bank pin as I was not being careless with my acct so I did not want to burden my playing experience.

I only used a single computer (MacBook) for logins and only on my home network. I have only ever used the RS Official client for playing. I have scanned my computer twice just today for malware or keylogging with no results.

I wish there was a simple thing to point to in regards to how this happened. Sure I could have done more, but it's not like I was botting or buying GP.

ToPáBaSSsaid: Did you have a unique account name?Did you have a unique Password?Did you have Authenticator?Did you have a Bank Pin?Did you have a 2 Step Email login?Did you login to your account on anything other than your home network?Did you download any client other than RS Official Client?Did you scan your computer with Malwarebytes?Did you follow any offsite link to log into RS?

I appreciate the reply LadyOLake. The most frustrating thing is what everyone is saying above makes perfect sense. You are all right and my point is, none of it is really news to me.

I understand I could have added more security to my acct but as I was secure with my browsing activity I didn't really need to be too concerned I felt. I highly doubt my computer is hacked and the most valuable thing is my Runescape haha.

At this point, it is about 20m worth of GP that was taken from my counts. Although that isn't a ton for some people, that is what I had to spare after a month. I'm still not sure why they didn't clear out everything from my acct.

It seems something like simple GP should be incredibly easy to track and recover. It doesn't quite make sense why they wouldn't from a business standpoint.

Sometimes just clicking a link.. and not even putting info in is enough togive someone control of your computer.

And to be honest if that happened all the security in the world may nothave helped you.

Jagex can track the gp but lets put it like this. A scenario... the personpurchased a staff of sliske with your gps. They then sold it for 3 mil cheaperto someone else. So now if your gps are taken from the person who boughtthe staff cheaper than normal who is completly innocent.... How is thatfair to that person.

Jagex had in the past for a short time gave items back.. only to find when theydid it people got even more lax on security and people lied about getting hijackedor had friends in far off places just get their items so that they could get the items back too. And just to reproduce items and gp would demolish the economyworse than it is.The richest person is not who has the most. It is who Needs the least.

It seems something like simple GP should be incredibly easy to track and recover. It doesn't quite make sense why they wouldn't from a business standpoint.

Your GP may have been used to purchase items from other players for instance. It would not be fair if the other players were penalised with a loss if Jagex were to take back the GP.

The "business standpoint" is common sense. If it were so easy for players to regain lost or stolen items and GP then there would be no incentive to keep a secure account. it would also tempt some to manufacture hijackings to their gain and benefit.

You agreed to the following...

Your account and licenseYou are responsible for the activities of all persons who use your password to gain access to your account.

No matter which way you cut it your account was accessed by use of your account name, password, the access aided by lack of bank pin and authenticator. How exactly is unknown but you really need to trace where your lack of security lies.